ScaredySquirrel | I want to know how you'd tell PolicyKit not to ask users in the sudo group for any passwords | 18:09 |
---|---|---|
ScaredySquirrel | passwords when I do something that requires root privileges | 18:09 |
ScaredySquirrel | tails@tails-Inspiron-3582:/mnt/myusb$ id -Gn|grep -oe '\<sudo\>' | 18:10 |
ScaredySquirrel | sudo | 18:10 |
ScaredySquirrel | tails@tails-Inspiron-3582:/mnt/myusb$ cat /etc/os-release | 18:10 |
ScaredySquirrel | NAME="Ubuntu" | 18:10 |
ScaredySquirrel | VERSION="20.04 LTS (Focal Fossa)" | 18:10 |
ScaredySquirrel | and here's my policykit : http://dpaste.com/2CK3Z6M | 18:11 |
ScaredySquirrel | would anything be wrong with my policykit file? what else do I need to change? | 18:17 |
TJ- | ScaredySquirrel: I wonder if a rule would help? see https://wiki.archlinux.org/index.php/Polkit#Authorization_rules | 18:34 |
ScaredySquirrel | TJ-: I don't know how to use globs | 18:37 |
ScaredySquirrel | if(action.id =~ "org.debian.apt.*" && subject.isInGroup("sudo")) { return polkit.Result.YES; } | 18:39 |
TJ- | I don't think the glob * is required | 18:43 |
ScaredySquirrel | but why? | 18:45 |
ScaredySquirrel | there's this nopasswd global rules thingy but then firefox would laugh and auto authenticate | 18:45 |
ScaredySquirrel | it doesn't use polkit so no...not the case | 18:46 |
ScaredySquirrel | there would have to be a huge hole in there to make it launch a little program that uses polkit and dbus and then that would happen | 18:46 |
ScaredySquirrel | because it doesn't care in this case | 18:46 |
ScaredySquirrel | about what little dbus handle the app uses | 18:46 |
ScaredySquirrel | so that nopasswd global rules is telling it to ignore the action | 18:49 |
TJ- | If it is the polkit user agent prompting for the password then you should be able to use a polkit rule to handle it | 18:49 |
ScaredySquirrel | wait does polkit at least put a dialog up with Authenticate and click there and it just goes ahead and elevates to root? | 18:50 |
ScaredySquirrel | at least if you put nopasswd global rule in? | 18:51 |
ScaredySquirrel | i mean in that case | 18:52 |
TJ- | for a global rule I'd expect no prompt | 18:52 |
TJ- | I'm on about the current situation before making any changes | 18:52 |
TJ- | As rules are written in JavaScript you'd need to create a RegExp object and then call .test(...) on it | 18:53 |
ScaredySquirrel | about the Current situation it says Authenticate I click there and it asks for a password when I have no password set | 18:53 |
TJ- | asks for the password of a user where that user has no password? | 18:54 |
ScaredySquirrel | yes | 18:54 |
ScaredySquirrel | that user is sudo <command> with NOPASSWD in sudoers for his sudo group so he needs no password for that | 18:55 |
TJ- | well that makes sense, it's not polkit's fault the invoking user has no password | 18:55 |
ScaredySquirrel | however policykit has its no password policy | 18:56 |
ScaredySquirrel | where only policykit asks for and requires a password when it has no password | 18:56 |
TJ- | ScaredySquirrel: but polkit doesn't use sudo/sudoers, it is entirely separate. All it does do is observe which group(s) a user should be in | 18:56 |
TJ- | It used to be the adm group | 18:57 |
ScaredySquirrel | mhm it's separate so what to do to apply the same nopasswd policy to polkit for users in the sudo group? | 18:57 |
ScaredySquirrel | and i take in mind it's not sudo so it's not the same system | 18:58 |
ScaredySquirrel | polkit will not use the same policy as sudo | 18:58 |
ScaredySquirrel | i just want similar | 18:58 |
TJ- | As I understood it, you only want no-password to apply to a sub-set of calls, not for everything a user might try to do | 18:59 |
ScaredySquirrel | unless policykit always forces you to use the Authenticate dialog | 18:59 |
ScaredySquirrel | if an app can just take over and press Authenticate for you that's not what I want | 19:00 |
TJ- | the link I provided earlier gives good examples of various scenarios, https://wiki.archlinux.org/index.php/Polkit#For_specific_actions | 19:00 |